Azure migration

readiness
© 2019 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and
views expressed in this document, including URL and other Internet Web site references, may change
without notice. You bear the risk of using it.
Some examples are for illustration only and are fictitious. No real association is intended or inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes. You may modify this
document for your internal, reference purposes.
Microsoft makes no warranties, express or implied, with respect to the information provided here.
Contents
Introduction to Azure migration readiness ........................................................................................................... 1
Business strategy .................................................................................................................................................. 2
Migration project plan .......................................................................................................................................... 3
Partner support..................................................................................................................................................... 4
Application discovery & assessment ..................................................................................................................... 4
Migration process ................................................................................................................................................. 9
Technical skilling ................................................................................................................................................... 9
Landing zone ....................................................................................................................................................... 11
Cloud operations ................................................................................................................................................. 12
Security & compliance ........................................................................................................................................ 13
Conclusion ........................................................................................................................................................... 14
Introduction to Azure migration readiness
Microsoft Azure provides access to a comprehensive set of cloud services that, as developers and IT
professionals, you use to build, deploy, and manage applications, through a global network of
datacenters. Companies are moving to the Azure to gain agility, increase performance, reliability and
minimize costs. To gain these benefits, organizations must have a defined path to move from their on-
premises datacenters to Azure.
The Microsoft Cloud Adoption Framework for Azure provides guidance so your organization can
effectively adopt Azure. It is based upon a rich set of best practices from Microsoft employees, partners,
and customers.

Figure 1 – Microsoft Cloud Adoption Framework for Azure

Based upon the Cloud Adoption Framework, there are nine critical dimensions every organization should
address to prepare for migrations at scale. It is important to understand your current level of readiness
for a migration project to be a success. These dimensions span various planning, technical and support
aspects of the migration project.

Figure 2 - Azure migration readiness dimensions

1
Business strategy
Defining a business strategy is a set of steps starting with initial exploration of the concept of cloud
adoption and culminating in a specific business case and commitment from leadership.
It’s important for you to start defining the reasons your organization should migrate to the cloud. With
an understanding of your migration drivers, you can establish the root business case for the project, as
well as understand the urgency and timelines to meet. It is important to distinguish between business
drivers, technical drivers and timeline drivers as your approach to the migration can shift.

Figure 3 - Azure migration drivers

Evaluate the potential cost savings of migrating to Azure by calculating and comparing your TCO for
Azure with that of a comparable on-premises deployment. Use the Azure TCO calculator to build a
customized cloud business case to support an Azure migration.

Figure 4 - Example Azure TCO

2
Be sure to include all your hardware, software, facilities and the cost of the team that currently supports
your on-premises environment. Additionally, an estimate for the migration project will also be needed
including professional services, development and training for your team.

This TCO estimate and business case should be treated as a starting point in which assumptions will be
made, and you can always refine later as the team works through the migration process.

For more information on Building a Business case see the Cloud Adoption Framework.

Migration project plan

Migrating to the cloud is a digital transformation for most businesses that requires broad organizational
change and support. Reach out to key people throughout the organization, and make sure to include
representation from both IT and the business stakeholders. Getting everyone’s engagement and support
before you migrate will lead to a smoother, faster cloud migration process that meets everyone’s goals.
Assembling a migration team and the high-level scope for the project should be identified. One
important early decision for the team is to determine if this will be a companywide strategy, or whether
to pilot with a select business unit or subset of applications.
The migration project plan should include a high-level inventory of applications, (e.g. from a CMDB or
Service Catalog), to migrate, along with identifying all the roles who will work together on the project.
This is important as the migration project will likely span multiple months or even years’ worth of effort
to complete.
Ideally this exercise is done prior to an actual discovery and assessment of your on-premises
environment. If your organization is struggling to understand your application portfolio, you may need
to perform your application discovery and assessment first, and then come back and define the
applications that are in scope for the migration.
Some high-level categorization of the applications to be migrated should be completed during this
phase. Each application listed should be assigned values that allow for a decision-making process
regarding which applications and in scope for the migration and the assigned order in which applications
will migrate. The priority should be the final value set based on the other values assigned by the team.
Category Assigned Value
Proof of Concept? Yes/No
Technical Complexity 1-5
Business Risk 1-5
Priority 1-3

Table 1 - High-level application evaluation

Start with proof of concept (POC) applications which are representative of your applications, but aren’t
mission critical. It is important for the business to minimize risk and allows the migration team to gain
confidence with quick wins on their cloud journey. These applications should be less complex, but
representative of the typical applications in your environment.

3
With an inventory of the categorized applications, a project plan with assumptions on the number of
applications migrated per month (along with the order of those migrations), should be published for
feedback from all stakeholders. Revisiting the costs could be in order if any of your assumptions need to
be adjusted based on the plan you have created.

Partner support
When planning your migration to Azure, the organization must consider the type of partner support
required during and after the migration project. During the project, external help from a Microsoft
partner is recommended, so migrations can proceed quickly and with expert help. These expert partners
have met Microsoft’s highest standards. They’re ready to help you plan and migrate to the cloud, and
aid in optimizing and securing your environment.
After the project is complete, the organization needs to consider whether they want ongoing help from
a partner to continue managing their Azure cloud environment(s). To achieve your digital
transformation goals with minimal disruption, turn to our Azure Expert Managed Services Providers.
They have deep cloud technical know-how, consistently deliver customer success, and validate the high
standards of their services each year with an independent auditor.

Application discovery & assessment

Before migrating workloads to Azure, you first need to understand the current infrastructure and define
what the migrated workloads will look like. With simple steps, you can comprehensively discover and
assess your on-premises resources to figure out how they'll run in the Azure cloud.
Discovery
To start any migration, you need to compile an inventory of the physical and virtual servers in your
environment. While your current management tools may provide a good representation of the
hundreds—maybe thousands—of applications your organization is running, you need an inventory
mechanism that can feed data into subsequent migration steps.
With cloud migration assessment tools like Azure Migrate or from our partners such as Cloudamize,
Turbonomic, or Movere you’ll have a complete inventory of servers with metadata for each—including
profile information and performance metrics—allowing you to build your cloud migration plan.

Figure 5 - Azure Migration Service Map

4
Using this information, map your servers to represent your on-premises applications. This will help
identify dependencies or communication between servers so you can include all necessary application
components in your cloud migration plan—helping reduce risks and ensure a smooth migration.
Assessment
Now that you have discovered and grouped your servers logically to represent the applications it is time
to perform the assessment. Your migration team including both technical and business stakeholders will
need to select the best cloud migration strategy for each application based on its requirements and
migration objectives.
Selecting an Application Migration Strategy
When looking at a cloud migration, there are four widely-adopted strategies: Rehost, Refactor,
Rearchitect, or Rebuild. Each of these strategies can be leveraged by organizations depending on their
business drivers and goals for moving to the cloud.

Rearchitect
Rehost

Refactor

Rebuild
•Redeploy as-is to •Minimally alter •Materially •New code
cloud to take better alter/decompose written with
•"Lift & Shift" advantage of application to cloud native
cloud services approach
•IaaS
•PaaS •PaaS •PaaS
•Containers •Micro-services •Micro-services
•DevOps •Serverless •Serverless
•DevOps •DevOps

Figure 6 - Azure migration strategies

For example, you could choose to Rehost or "lift and shift," less-strategic apps with no code changes,
and then Rearchitect others which are more business-critical, decomposing them into microservices.
It is best for your migration team to adopt a simple migration decision tree. This will drive your decision
based on the company’s priorities and requirements.
The decision tree starts with a simple question: will your organization continue to invest in “Future
Development”, of the application?
If you are going to continue to invest in an application then it would be best to Refactor, Rearchitect or
Rebuild the application for the cloud using Platform as a Service (PaaS). If it will stay static in its current
form, then you should select Rehost and move it to Infrastructure as a Service (IaaS).

5
 Figure 7 - Migration strategy decision tree

There should then be an evaluation phase of the applications to ensure that each will in fact run in the
cloud. Once you have proven the technology, then you can move forward with a migration of the
application.
Keep in the mind that you might Rehost the application on a short-term basis to move it to the cloud
with the full intention of using a different strategy for the application’s future. This is a very common
and valid practice as you will have moved the application to the cloud and can move forward with
development in the cloud.
Migrating applications to the cloud using Rehost will get you to the cloud. Optimizing costs and reducing
overprovisioned resources will begin to save you money. However, these activities are just the start. To
realize the full benefits of the cloud over time, you will need to start looking at Refactor and
Rearchitect, so your applications make better use of Microsoft Azure capabilities and cost savings that
PaaS services offer above that of IaaS.
Refactoring allows you to change the way the applications are hosted to start making use of PaaS
services; like App Service, SQL Database, Cosmos DB, and others. Rearchitecting allows you to
fundamentally change the applications to make use of Microsoft Azure cloud capabilities by optimizing
the application design and architecture to become cloud-native.
If you are going to start from scratch to become cloud-native, then selecting Rebuild from the outset
makes sense, but this is usually reserved from the most important business applications and the effort
will be much greater. Few applications will be migrated in this manner at the outset of an Azure
migration project.
Understanding each of these strategies is critical to planning for your migration. It will help you make
your assessment and then build a plan for moving to Azure.

6
 Strategy Definition
Rehost Often referred to as “lift and
shift” migration, this no-
code option lets you migrate
your existing applications to
Azure quickly.
Each application is migrated
as-is, which provides the
benefits of the cloud
without the risks or costs of
making code changes.
Refactor Refactoring, often referred
to as “repackaging,” is a
cloud migration approach
that lets you minimally alter
application code or apply
configuration changes
necessary to connect the
application to Azure PaaS
and take better advantage
of the cloud.
Table continued on next page
When to use Azure Services
You need to move • Azure Virtual
applications from your Machines
datacenter to the cloud • Azure VMware
quickly, with no code Solutions
changes. • Azure SQL Database
Your business requires the Managed Instance
applications, but doesn’t • Azure DevTest Labs
need to change their • Windows Virtual
capabilities right away. Desktop
You need to run secure
applications across VMware
environments and Microsoft
Azure with a common
operating framework.
Rapidly build Dev/Test
environments, moving from
weeks of waiting to ready to
work in minutes.
Deploy and scale virtualized
Windows desktops and apps
on Azure, supporting Remote
Desktop Services.
You need to use an existing • Azure App Service
code base and development • Azure SQL Database
skills, and code portability is Managed Instance
a concern. • Azure Database for
MySQL
Your application can be easily
repackaged to work in Azure. • Azure Database for
PostgreSQL
You want to apply innovative • Azure DevOps
DevOps practices provided by
Azure.
7
 Strategy Definition
Rearchitect Modify or extend an existing
application's code base to
optimize the application
architecture for cloud scale.
For example, decompose a
monolithic application into
microservices that work
together and readily scale.
Rebuild Rebuild an application from
scratch using cloud-native
technologies from Azure.
Table 2 - Cloud migration strategies
When to use Azure Services
Your application needs a • Azure Kubernetes
major revision to incorporate Service
new capabilities or to work • Azure SQL Database
more effectively on a cloud • Azure Database for
platform. MySQL
You want to make use of • Azure Database for
existing application PostgreSQL
investments. • Azure DevOps
You want to meet scalability
requirements in a cost-
effective way.
You want to minimize use of
virtual machines.
Your IT team is investing in
DevOps using a container
strategy for certain
workloads.
You want to apply innovative
DevOps practices provided by
Azure.
You want rapid development, • Azure Kubernetes
and the existing application is Service
limited in functionality and • Azure AI
lifespan. • Azure Functions
You’re ready to build new • Azure API
applications using cloud- Management
native technologies. • Azure Logic Apps
• Azure SQL Database
You want to build innovative
• Azure CosmosDB
apps taking advantage of
• Azure DevOps
advancements in AI,
blockchain, and IoT.
You want to expedite your
business innovation.
You want to apply innovative
DevOps practices provided by
Azure.
8
Migration process
The work done in Discovery and Assessment should now be augmented so that each application is put
into a migration wave. A migration wave is the organization of migrating an application or workload
using a phased approach. Migration is often discussed as a single process, however, it’s really a
collection of many smaller migrations that all need to be managed and performed in a coordinated
effort to achieve a successful migration process.
Before beginning any migration steps, a set of migration waves will need to be defined as part of the
migration plan. The first migration wave will be the “pilot” wave in which the first applications will be
migrated. This should include the simplest applications to migrate such as web applications, low
complexity applications in terms of high availability and disaster recovery requirements (HA/DR), and/or
other non-business critical applications. This “pilot” wave will also allow you to prove the landing zone
and other infrastructure is configured as needed before other more complex or business critical
applications are migrated. This will be the wave used for the applications that were categorized as proof
of concept (POC).
Successive migration waves should be defined with increasing levels of complexity. This will provide a
somewhat gradual migration approach that will help with easing the organization to being more
comfortable with migration as they progress through the project and finally complete later waves that
include more complex applications to migrate.
Some customers may choose to also introduce phased deployment process for the applications in using
testing, staging, and production environments. This allows you to fully test and validate each migration
wave before moving on to the next wave.

Technical skilling
Before moving through the process of a migration project, you need to ensure the team has the skills
and training to perform the migration successfully. This will lay the foundation for success in Azure.
Put together a plan for retooling and maintaining your team’s cloud skills. This will involve
understanding which skills are needed and practical ways of training your team to close the skills gap
and foster team growth. This prescribed training path for the organization will need to be established
and added to the overall migration plan.
A mix of online and instructor-led training options to learn new skills may better prepare your company
for the migration project. The training plan should consist these competency areas:
Training Details
Azure Foundations Microsoft Azure, Infrastructure, Networking, Data, DevOps and Cloud
Development methodologies
Migration Skills Specific process, software, and migration techniques

Role specific training Training for specific roles in the organization in support of the migration,
ongoing maintenance, and development on the new platform

Table 3 - Training plan areas

9
Training Courses
Microsoft offers a range of Azure training courses, certifications and exams with different levels and
specializations. These programs align with the roles of team members that will make up the migration
team. These can help you build skills in your team as well as to identify suitable candidates when hiring.
Team members will see the commitment to both them and your move to the cloud by engaging them in
training and certification.
Foundational Migration-specific Advanced role-based
Training Azure Migrate Migrate SQL Azure Azure Azure
Course Fundamentals Windows and Workloads Administrator Developer Solution
(AZ-900) Linux Server to Azure (AZ-103) (AZ-203) Architect
Workloads to (DP-050) (AZ-300)
Azure (WS-050)
Duration 1 2 2 4 5 5
(days)

Table 4 – Azure training courses

The follow roles and their responsibilities align with the Azure training and certification program:
Role Responsibilities
Administrator Azure Administrators who manage cloud services that span storage, security,
networking, and compute cloud capabilities.
Developer Azure Developers who design and build cloud solutions such as applications and
services. They participate in all phases of development, from solution design, to
development and deployment, to testing and maintenance.
Architect Azure Solution Architects who advise stakeholders and translates business
requirements into secure, scalable, and reliable solutions.
Security Azure security engineers who implement security controls, maintain the security
posture, manages identity and access, and protects data, applications, and
networks.
DevOps Engineer DevOps professionals who combine people, process, and technologies to
continuously deliver valuable products and services that meet end user needs
and business objectives.

Table 5 - Role specific training

Learning and becoming proficient in Azure will allow staff to demonstrate their skills and boost their
careers. To achieve certification, your team will need to pass one or more Microsoft certification exams.
The exams needed vary depending on the certification sought, and a range of options is typically
available for each certification. To explore further, and to review which exams are required for each
certification, see the Microsoft Azure Certification Overview.

10
Azure Center of Excellence (COE)
Establishing a central team, a Cloud Center of Excellence (COE), will be important for oversight of the
staff readiness aspect of the project. For larger organizations, this will generally be a team of people,
where in a smaller organization this could be a single person in this role. This team will be the go-to
group in your organization to execute on the Azure migration.

Landing zone
The landing zone is the provisioned and prepared environment in Azure that will be used to host the
migrated workloads. A well-designed landing zone is essential to put in place at the onset of a migration
project. We can liken it to needing a foundation before you start building your house.
As you plan and design for migration, in addition to the migration itself, a few of the most critical steps is
the design and implementation of Azure networking, identity, security and governance. The most
important of these is networking. The networking design and implementation will define the security
and connectivity of the migrated workloads and services hosted in Azure. An additional consideration is
the application communication with hybrid-cloud or other on-premises resources.

Figure 8 - Azure landing zone

The landing zone will include a defined set of cloud services, capabilities, and best practices to be used
for the applications being migrated. Here are the components along with some landing zone
considerations to consider:

• Networking – Select the hybrid networking services and architecture to support your
organization’s applications, governance, and connectivity requirements. Use Azure
ExpressRoute to create private connections between Azure datacenters and infrastructure on
your premises or in a colocation environment.
• Identity – Extend your users’ credentials to the cloud with Azure Active Directory (Azure AD).
This enterprise identity service provides single sign-on and multi-factor authentication to help
protect your users from cybersecurity attacks.
• Management – Azure Monitor helps you maximize performance and availability of your
applications and proactively identify problems in seconds. Collect, analyze, and act on telemetry
data from your newly migrated Azure workloads.
• Security – Enable Azure Security Center to quickly assess your security posture with Secure
Score.
• Governance design – Use Azure Blueprints to establish a methodology for governing the new
environment. Simplify you Azure deployments by packaging key environment artifacts, such as
Azure Resource Manager templates, role-based access controls, and policies, in a single
blueprint definition.

11
Cloud operations
Once all migration waves are complete and applications are successfully migrated into Azure, you still
need to optimize them to retain and improve access, flexibility, security, and reliability. There are many
aspects that need continuous management once workloads have been migrated. To do this, several
different Azure services can be used to perform operations such as monitoring, cost optimization, and
management of the applications running in Azure.
Monitoring the performance and usage of migrated applications provides analytics on the overall health
and optimization of cloud usage. Monitoring and logging can be done using Azure services like Azure
Monitor, which includes Azure Log Analytics and Azure Application Insights.
Cost management is critical for all cloud infrastructure because you pay for what your services use and
the pricing tiers that are provisioned. If resources are overprovisioned, then you will be overpaying
unnecessarily. Azure Cost Management is a service used to gain visibility into organizational cost and
usage patterns with advanced analytics. It also includes cost recommendations to clearly show how your
expenses are organized and how you might reduce costs.
Resource use optimization or “right-sizing” is an important aspect to optimizing the architecture of
applications in the cloud to improve costs over time. There are a few techniques and features within
Azure to ensure you aren’t overprovisioning while optimizing for cost; use features include Auto
Shutdown and Autoscaling of Virtual Machines. Another option of conserving cost is to take advantage
of Reserved VM Instances (RIs), to pre-purchase virtual machine resources for one or three-year terms
to save on cost for resources you know you will be consuming.
Concern What to use
Cost Management Azure Cost Management
Azure Reserved VM Instances
Auto-Shutdown
Autoscaling
Right-sizing to prevent overprovisioning
Optimized Architecture Rearchitect from IaaS to PaaS
Rebuild application to be cloud-native
Configuration Management Azure Subscription(s)
• Azure service limits
• Subscription Security Boundary
• Billing / chargeback
Resource organization via Resource Groups
Role-Based Access Control (RBAC)
Virtual Machine Management Azure Backup / disaster recovery architectures
OS Patching
DevOps & Automation Infrastructure as Code (IaC)
• ARM Templates
• Scripting (CLI and/or PowerShell)
• Azure DevOps Pipelines
Monitoring Azure Monitor
Azure Application Insights
Azure Log Analytics
Operational Processes & Runbooks Azure Automation

Table 6 - Azure operations

12
Security & compliance
A critical component for all application architectures is security and compliance to protect your
organization. Both security and compliance are cross cutting requirements for all steps of a cloud
migration. It is important to create a secure design and migration strategy from the beginning and to
carry that through into post migration management of the migrated applications.
Security is a shared responsibility between both you and Microsoft. Microsoft has made substantial
investments in the overall security of Microsoft Azure. These include physical, logical, operational,
networking, and software security measures. With all these security measures built into the core of
Microsoft Azure and its services, you are still responsible for ensuring your own applications and
infrastructure are secure using a wide range of features and tools.
There are several security processes to setup as part of your migration and management strategy:
• Incident response
• Malware protection
• Disaster recovery / business continuity planning
• Patch management
• Access control and user provisioning
• Firewall management
• Password management

The following services and capabilities can be used to solve several security and compliance concerns for
the various applications and infrastructure being migrated:

Security Concern Capabilities

Identity & access management Azure Active Directory (Azure AD)
Multi-Factor Authentication
Role-Based Access Control (RBAC)
Azure AD Identity Protection
App and Data protection Encryption (Disks, Storage, SQL)
Azure Key Vault
Confidential computing
Network security VNet, NSG, Peering, VPN
Application Gateway (WAF), Azure Firewall
DDoS Protection Standard
Azure ExpressRoute
Threat protection & security management Azure Security Center
Azure Sentinel
Microsoft Antimalware for Azure
Azure Log Analytics
Compliance Azure Compliance in the Trust Center

Table 7 - Azure security services

13
Conclusion
These readiness dimensions are important to enable your successful scale migration to Azure. However,
being completely ready is a progression and we encourage you to ask for help. The first step is to
commit to doing your migration project and defining your Business Strategy. After that point, Microsoft
has a program designed to assist you.
The Azure Migration Program (AMP) helps accelerate your migration journey. It includes prescriptive
guidance and tools customers need for a path to the cloud from start to finish. Using proven cloud
adoption methodologies, tools, resources, and best practices, AMP will enable your move to the cloud,
working hand in hand with Microsoft experts and specialized migration partners.
It includes:
• Curated, step-by-step guidance from Microsoft experts and specialized migration
partners based on the proven Microsoft Cloud Adoption Framework for Azure.
• Technical skill building with foundational and role-specific courses to develop new Azure skills
and long-term organizational readiness.
• Free Azure migration tools, including Azure Migrate to assess and migrate workloads, and
free Azure Cost Management to optimize costs.
• Offers to reduce migration costs, including Azure Hybrid Benefit and free Extended Security
Updates for Windows Server and SQL Server 2008.

Begin your migration journey by submitting an application to join the program.

14